» vault_aws_secret_backend

Creates an AWS Secret Backend for Vault. AWS secret backends can then issue AWS access keys and secret keys, once a role has been added to the backend.

» Example Usage

resource "vault_aws_secret_backend" "aws" {
  access_key = "AKIA....."
  secret_key = "AWS secret key"
}

» Argument Reference

The following arguments are supported:

  • access_key - (Optional) The AWS Access Key ID this backend should use to issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.

  • secret_key - (Optional) The AWS Secret Key this backend should use to issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.

  • region - (Optional) The AWS region for API calls. Defaults to us-east-1.

  • path - (Optional) The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to aws.

  • description - (Optional) A human-friendly description for this backend.

  • default_lease_ttl_seconds - (Optional) The default TTL for credentials issued by this backend.

  • max_lease_ttl_seconds - (Optional) The maximum TTL that can be requested for credentials issued by this backend.
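
The arguments above combined in one configuration, as an added example that is not part of the original provider documentation. It shows a backend that omits access_key and secret_key so Vault uses the AWS SDK credential sources listed above, next to a backend that takes keys from input variables instead of literals. The resource names, variable names, mount paths, regions, descriptions and TTL values are assumptions chosen for illustration, and the sensitive flag on variables assumes Terraform 0.14 or later.

```hcl
# Added example; every name and value below is an assumption, not provider output.

# Variant 1: no static keys in configuration.
# Assumes the Vault server already has AWS credentials through the SDK chain
# (environment, shared credentials file, or IAM role / ECS task role).
resource "vault_aws_secret_backend" "aws_ambient" {
  path        = "aws-ambient" # must not begin or end with "/"
  region      = "eu-west-1"   # provider default is us-east-1
  description = "AWS backend using the Vault server's own AWS credentials"

  # Keep issued credentials short-lived and cap what a client may request.
  default_lease_ttl_seconds = 900
  max_lease_ttl_seconds     = 3600
}

# Variant 2: static keys are required, so pass them in as variables
# (for example via TF_VAR_aws_access_key / TF_VAR_aws_secret_key) rather than
# writing literals into the .tf file.
variable "aws_access_key" {
  type      = string
  sensitive = true # hides the value in plan/apply output
}

variable "aws_secret_key" {
  type      = string
  sensitive = true
}

resource "vault_aws_secret_backend" "aws_static" {
  # These values are still written to Terraform state in plaintext,
  # so the state backend needs encryption and restricted access.
  access_key = var.aws_access_key
  secret_key = var.aws_secret_key

  path        = "aws-static"
  region      = "us-east-1"
  description = "AWS backend using a dedicated IAM user's keys"

  default_lease_ttl_seconds = 900
  max_lease_ttl_seconds     = 3600
}
```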

» Attributes Reference

No additional attributes are exported by this resource.

» Import

AWS secret backends can be imported using the path, e.g.

$ terraform import vault_aws_secret_backend.aws aws